Vulnerabilities in GitLab

1,068 results

Vexday analysis

Com 1.068 CVEs catalogadas e 78 novas surgidas nos últimos 90 dias, o GitLab apresenta um volume de vulnerabilidades que exige monitoramento contínuo. A taxa de exploração ativa está abaixo da média geral do catálogo KEV, com 4 CVEs confirmadas em uso por agentes de ameaça, mas a presença de 83 vulnerabilidades com prova de conceito pública e 24 de severidade crítica amplia consideravelmente a superfície de risco. O destaque mais preocupante é CVE-2021-22205, atualmente a CVE mais perigosa em exploração ativa, com EPSS de 0,9973 — valor que indica probabilidade altíssima de exploração —, e cuja falha de tipo mais recorrente na plataforma, CWE-770 (alocação de recursos sem limites adequados), sugere atenção redobrada a controles de validação de entrada e gestão de recursos. Equipes de segurança devem priorizar a remediação das CVEs com PoC disponível e manter rastreamento próximo das novas emissões, dado o ritmo relevante de descobertas recentes.

CVE-2024-5423MEDIUMUncontrolled Resource Consumption in GitLabEPSS 0.5%CVE-2023-2620MEDIUMInsertion of Sensitive Information Into Sent Data in GitLabEPSS 0.5%CVE-2025-0993HIGHAllocation of Resources Without Limits or Throttling in GitLabEPSS 0.5%CVE-2024-8041MEDIUMUncontrolled Resource Consumption in GitLabEPSS 0.5%CVE-2024-3114MEDIUMUncontrolled Resource Consumption in GitLabEPSS 0.5%CVE-2023-5831LOWInsertion of Sensitive Information Into Sent Data in GitLabEPSS 0.5%CVE-2026-1724MEDIUMMissing Authentication for Critical Function in GitLabEPSS 0.5%CVE-2023-3362MEDIUMGeneration of Error Message Containing Sensitive Information in GitLabEPSS 0.5%CVE-2022-3413MEDIUMIncorrect authorization during display of Audit Events in GitLab EE affecting all versions from 14.5 prior to 15.3.5, 15.4 prior to 15.4.4, EPSS 0.5%CVE-2022-2307LOWA lack of cascading deletes in GitLab CE/EE affecting all versions starting from 13.0 before 15.0.5, all versions starting from 15.1 before EPSS 0.5%CVE-2024-8641MEDIUMPrivilege Context Switching Error in GitLabEPSS 0.5%CVE-2024-4025MEDIUMInefficient Regular Expression Complexity in GitLabEPSS 0.5%CVE-2024-0410HIGHImproper Enforcement of Behavioral Workflow in GitLabEPSS 0.5%CVE-2023-3964MEDIUMIncorrect Authorization in GitLabEPSS 0.5%CVE-2024-1525MEDIUMAuthentication Bypass Using an Alternate Path or Channel in GitLabEPSS 0.5%CVE-2023-3399HIGHInsertion of Sensitive Information Into Sent Data in GitLabEPSS 0.5%CVE-2024-7803MEDIUMAllocation of Resources Without Limits or Throttling in GitLabEPSS 0.5%CVE-2024-7610MEDIUMUncontrolled Resource Consumption in GitLabEPSS 0.4%CVE-2023-2233LOWMissing Authorization in GitLabEPSS 0.4%CVE-2022-4138MEDIUMA Cross Site Request Forgery issue has been discovered in GitLab CE/EE affecting all versions before 15.6.7, all versions starting from 15.7EPSS 0.4%

← previouspage 35 / 54next →